Command Injection Vulnerabilities in Blink Routers by LB-LINK
CVE-2025-45987

9.8 CRITICAL

Key Information:

Vendor: LB-LINK
CVE Published: 13 June 2025

What is CVE-2025-45987?

Several models of Blink routers contain command injection vulnerabilities in the bs_SetDNSInfo function, reachable through the dns1 and dns2 parameters. These vulnerabilities allow unauthorized users to execute arbitrary commands, potentially leading to unauthorized access to and control over the device. Prompt updates and other protective measures are therefore crucial for maintaining network integrity and preventing exploitation.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved